#include "agent.h"
#include "winagent.h"
#include "lixagent.h"
#include "guests.h"

Functions
INTSTATUS	IntAgentHandleInt3 (QWORD Rip, DWORD CpuNumber)
	Dispatch a breakpoint event to the Windows or Linux agent breakpoint handler. More...

INTSTATUS	IntAgentHandleVmcall (QWORD Rip)
	Dispatch a VMCALL event to the Windows or Linux agent VMCALL handler. More...

INTSTATUS	IntAgentActivatePendingAgent (void)
	Activate a pending Windows or Linux agent. More...

void	IntAgentDisablePendingAgents (void)
	Disable the Windows or Linux pending agents. More...

AG_WAITSTATE	IntAgentGetState (DWORD *Tag)
	Get the current Windows or Linux agent state. More...

INTSTATUS	IntAgentEnableInjection (void)
	Enable Windows or Linux agent injection. More...

BOOLEAN	IntAgentIsPtrInTrampoline (QWORD Ptr, THS_PTR_TYPE Type)
	Check if the provided pointer points inside the Windows trampoline code. More...

Function Documentation

◆ IntAgentActivatePendingAgent()

INTSTATUS IntAgentActivatePendingAgent ( void )

Activate a pending Windows or Linux agent.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_INITIALIZED_HINT	If the guest OS is not initialized.
INT_STATUS_NOT_SUPPORTED	If the OS is not recognized.

Definition at line 70 of file agent.c.

Referenced by IntGuestPreReturnCallback().

◆ IntAgentDisablePendingAgents()

void IntAgentDisablePendingAgents ( void )

Disable the Windows or Linux pending agents.

Definition at line 102 of file agent.c.

Referenced by IntGuestPrepareUninit().

◆ IntAgentEnableInjection()

INTSTATUS IntAgentEnableInjection ( void )

Enable Windows or Linux agent injection.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_SUPPORTED	If the OS is not recognized.

Definition at line 152 of file agent.c.

Referenced by IntWinProcCreateProcessObject().

◆ IntAgentGetState()

AG_WAITSTATE IntAgentGetState ( DWORD * Tag )

Get the current Windows or Linux agent state.

Parameters

[out] Tag Optional active agent tag.

Returns: The current agent state.

Definition at line 121 of file agent.c.

Referenced by IntGuestIsSafeToDisable().

◆ IntAgentHandleInt3()

INTSTATUS IntAgentHandleInt3	(	QWORD	Rip,
		DWORD	CpuNumber
	)

Dispatch a breakpoint event to the Windows or Linux agent breakpoint handler.

Parameters

[in]	Rip	The RIP the breakpoint took place at.
[in]	CpuNumber	The VCPU number.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_SUPPORTED	If the OS is not recognized.

Definition at line 12 of file agent.c.

Referenced by IntHandleBreakpoint().

◆ IntAgentHandleVmcall()

INTSTATUS IntAgentHandleVmcall ( QWORD Rip )

Dispatch a VMCALL event to the Windows or Linux agent VMCALL handler.

Parameters

[in] Rip The RIP the VMCALL took place at.

Return values

INT_STATUS_SUCCESS	On success.
INT_STATUS_NOT_SUPPORTED	If the OS is not recognized.

Definition at line 42 of file agent.c.

Referenced by IntHandleIntroCall().

◆ IntAgentIsPtrInTrampoline()

BOOLEAN IntAgentIsPtrInTrampoline	(	QWORD	Ptr,
		THS_PTR_TYPE	Type
	)

Check if the provided pointer points inside the Windows trampoline code.

Parameters

[in]	Ptr	The pointer to be checked.
[in]	Type	Pointer type - live RIP or stack value.

Returns: True if the provided pointer points inside the trampoline code, false otherwise.

Definition at line 180 of file agent.c.

Referenced by IntThrSafeIsLiveRIPInIntro(), and IntThrSafeIsStackPtrInIntro().

Functions

Function Documentation

◆ IntAgentActivatePendingAgent()

◆ IntAgentDisablePendingAgents()

◆ IntAgentEnableInjection()

◆ IntAgentGetState()

◆ IntAgentHandleInt3()

◆ IntAgentHandleVmcall()

◆ IntAgentIsPtrInTrampoline()